11088832

Secure Logging of Data Storage Device Events

Published: August 10, 2021
Assignee: not available in USPTO data we have

Patent Claims
20 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A data storage device comprising: a non-transitory storage medium configured to store user content data; and a non-transitory data store configured to store: a first log entry comprising first log data encrypted using one key of a first public key and a corresponding first private key; a second public key different from the first public key; and a second log entry comprising: the first public key, and second log data encrypted using one key of the second public key and a corresponding second private key.

2. The data storage device of claim 1, further comprising a controller configured to create the first log entry and the second log entry.

3. The data storage device of claim 2, wherein the controller is further configured to: generate the second public key and the second private key; encrypt the second log data using the second private key; store the second public key; and discard the second private key.

4. The data storage device of claim 2, wherein: the non-transitory data store is further configured to store a single logging public key for the first log entry and the second log entry; the logging public key is accessible in response to an authorized device being connected to the data storage device, and the controller is further configured to encrypt the second log data using the logging public key and the second private key.

5. The data storage device of claim 4, wherein encrypting the second log data comprises determining a secret based on elliptic curve cryptography using the logging public key and the second private key.

6. The data storage device of claim 5, wherein the non-transitory data store is further configured to store a logging private key corresponding to the logging public key.

7. The data storage device of claim 6, wherein the logging private key is encrypted and accessible in response to a manager device being connected to the data storage device.

8. The data storage device of claim 7, wherein the logging private key is encrypted using a manager key.

9. The data storage device of claim 6, wherein the controller is further configured to decrypt the second log data using the private logging key and the second public key stored on the data store.

10. The data storage device of claim 9, wherein the controller is further configured to decrypt the first log data using the private logging key and the first public key stored in the second log entry.

11. The data storage device of claim 9, wherein decrypting the second log data comprises determining a secret based on elliptic curve cryptography using the logging private key and the second public key.

12. The data storage device of claim 1, wherein: the first log entry is encrypted using the first private key; and the second log entry is encrypted using the second private key.

13. The data storage device of claim 1, wherein: the first private key and the first public key are unique for the first log entry; and the second private key and the second public key are unique for the second log entry.

14. The data storage device of claim 1, wherein the second public key is stored separate from the first log entry and the second log entry.

15. The data storage device of claim 1, wherein the non-transitory data store is further configured to store: a next log entry pointer indicative of a storage location of the second log entry; and an initial log entry pointer indicative of a storage location of an initial log entry.

16. The data storage device of claim 15, wherein the initial log entry pointer is encrypted and accessible in response to a manager device being connected to the data storage device.

17. The data storage device of claim 1, wherein the first public key is encrypted together with the second log data.

18. The data storage device of claim 1, further comprising: a data path comprising: a data port configured to transmit data between a host computer system and the data storage device that registers with the host computer system as a block storage device; and a cryptography engine connected between the data port and the storage medium and configured to use a cryptographic key to decrypt encrypted user content data stored on the storage medium in response to a request from the host computer system; an authorization data store configured to store multiple entries comprising authorization data associated with respective multiple devices; and an access controller configured to: receive from one device of the multiple devices a public key associated with a private key stored on the one device of the multiple devices; determine, based on the public key, a role of manager device or authorized device; in response to determining the role of authorized device, allow creating log entries and restrict reading log entries; and in response to determining the role of manager device, allow reading log entries.

19. A method for logging on a data storage device, the method comprising: creating first log data; encrypting the first log data using one key of a first public key and a corresponding first private key; storing a first log entry comprising the first log data encrypted using the one key of the first public key and the corresponding first private key; storing a second public key different from the first public key; creating second log data; encrypting the second log data using one key of a second public key and a corresponding second private key; and storing a second log entry, the second log entry comprising: the first public key, and the second log data encrypted using the one key of the second public key and the corresponding second private key.

20. A data storage device comprising: means for creating first log data; means for encrypting the first log data using one key of a first public key and a corresponding first private key; means for storing a first log entry comprising the first log data encrypted using the one key of the first public key and the corresponding first private key; means for storing a second public key different from the first public key; means for creating second log data; means for encrypting the second log data using one key of a second public key and a corresponding second private key; and means for storing a second log entry, the second log entry comprising: the first public key, and the second log data encrypted using the one key of the second public key and the corresponding second private key.
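
The chained scheme of claims 3 to 5, 9 to 11, 14 and 17, sketched as an added example that is not taken from the patent: the writer needs only the logging public key, and the reader walks back from the newest entry using the logging private key. The function names, the dict-based store, the zero-byte sentinel and the choice of X25519, HKDF-SHA256 and ChaCha20-Poly1305 (via the Python `cryptography` package) are assumptions.

```python
# Added illustration, not the patent's implementation. X25519, HKDF-SHA256 and
# ChaCha20-Poly1305 are assumed stand-ins for "elliptic curve cryptography".
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric.x25519 import (
    X25519PrivateKey, X25519PublicKey)
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

NO_PREV = bytes(32)  # assumed sentinel: "no earlier entry" in the initial entry
NONCE = bytes(12)    # fixed nonce is acceptable only because each key encrypts once

def entry_key(shared_secret: bytes) -> bytes:
    """Derive the symmetric entry key from the ECDH secret (claims 5 and 11)."""
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                info=b"log-entry").derive(shared_secret)

def new_store(logging_pub: X25519PublicKey) -> dict:
    """Device-side data store: logging public key, newest entry key, entries."""
    return {"logging_pub": logging_pub, "latest_pub": NO_PREV, "entries": []}

def append_entry(store: dict, log_data: bytes) -> None:
    """Writer path: uses the logging public key only, never the logging private key."""
    entry_priv = X25519PrivateKey.generate()            # unique per entry (claim 13)
    key = entry_key(entry_priv.exchange(store["logging_pub"]))
    body = store["latest_pub"] + log_data               # previous public key inside (claim 17)
    store["entries"].append(ChaCha20Poly1305(key).encrypt(NONCE, body, None))
    store["latest_pub"] = entry_priv.public_key().public_bytes(
        Encoding.Raw, PublicFormat.Raw)                 # kept outside the entries (claim 14)
    # entry_priv goes out of scope here; a real controller would also wipe it (claim 3)

def read_log(store: dict, logging_priv: X25519PrivateKey) -> list:
    """Manager path: newest to oldest, each entry yielding the key for the one before."""
    pub, out = store["latest_pub"], []
    for blob in reversed(store["entries"]):
        peer = X25519PublicKey.from_public_bytes(pub)
        key = entry_key(logging_priv.exchange(peer))
        body = ChaCha20Poly1305(key).decrypt(NONCE, blob, None)  # InvalidTag on mismatch
        pub = body[:32]                                 # public key of the previous entry
        out.append(body[32:])
    return out[::-1]                                    # chronological order
```

Because only the newest public key is stored in the clear, overwriting or losing it makes every earlier entry undecryptable, so that field needs the same integrity protection as the entries themselves.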

Patent Metadata

Filing Date

Unknown

Publication Date

August 10, 2021

Inventors

Brian Edward MASTENBROOK


Cite as: Patentable. “SECURE LOGGING OF DATA STORAGE DEVICE EVENTS” (11088832). https://patentable.app/patents/11088832
